HP OpenView NNM "ovalarmsrv" Remote Integer Overflow Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 29 Apr 2009

RISK: Medium Risk

A vulnerability has been identified in HP OpenView Network Node Manager (NNM) that remote attackers could exploit to cause a denial of service or compromise a vulnerable system. The issue is caused by an integer overflow error in "ovalarmsrv.exe" when it processes a specially crafted command sent to port 2954/TCP; a malicious request could crash the affected process or execute arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • HP OpenView Network Node Manager (OV NNM) version 7.01 (on HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.51 (on HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.53 (on HP-UX, Linux, Solaris, and Windows)

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • HP OV NNM v7.53 for HP-UX (IA) - Install PHSS_39246 or subsequent
  • HP OV NNM v7.53 for HP-UX (PA) - Install PHSS_39245 or subsequent
  • HP OV NNM v7.53 for Linux RedHatAS2.1 - Install LXOV_00093 or subsequent
  • HP OV NNM v7.53 for Linux RedHat4AS-x86_64 - Install LXOV_00094 or subsequent
  • HP OV NNM v7.53 for Solaris - Install PSOV_03519 or subsequent
  • HP OV NNM v7.53 for Windows - Install NNM_01197 or subsequent
  • HP OV NNM v7.51 - Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above:
    - ftp://nnm_753:[email protected]/
  • HP OV NNM v7.01 with Intermediate Patch 12 for HP-UX (PA) - Install PHSS_38761
  • HP OV NNM v7.01 with Intermediate Patch 12 for Solaris - Install PSOV_03516
  • HP OV NNM v7.01 with Intermediate Patch 12 for Windows - Install NNM_01194
  • For detailed information, please visit
    - http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303


Vulnerability Identifier


Source


Related Link